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DETAILED ACTION 

1. The instant application having Application No. 10/560,685 filed on 12/14/2005 is 
presented for examination by the examiner. 

Oath/Declaration 

2. The applicant's oath/declaration has been reviewed by the examiner and is found 
to conform to the requirements prescribed in 37 C.F.R. 1.63. 

Priority 

3. As required bye M.P.E.P. 201.14(c), acknowledgement is made of applicant's 
claim for priority based on applications filed on June 13, 2003 (EPO 03101791.6). 

Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which 
papers have been placed of record in the file. 

Examiner Notes 

4. Examiner cites particular columns and line numbers in the references as applied 
to the claims below for the convenience of the applicant. Although the specified 
citations are representative of the teachings in the art and are applied to the specific 
limitations within the individual claim, other passages and figures may apply as well. It 
is respectfully requested that, in preparing responses, the applicant fully consider the 
references in entirety as potentially teaching all or part of the claimed invention, as well 
as the context of the passage as taught by the prior art or disclosed by the examiner. 
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Drawings 

5. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(5) 
because they do not include the following reference sign(s) mentioned in the 
description: 200. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are 
required in reply to the Office action to avoid abandonment of the application. Any 
amended replacement drawing sheet should include all of the figures appearing on the 
immediate prior version of the sheet, even if only one figure is being amended. Each 
drawing sheet submitted after the filing date of an application must be labeled in the top 
margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If 
the changes are not accepted by the examiner, the applicant will be notified and 
informed of any required corrective action in the next Office action. The objection to the 
drawings will not be held in abeyance. 

6. The drawings are objected to under 37 CFR 1.83(a) because they fail to show 
the "random hysteresis" and "random don't care" subject matter in full detail (page 8, 
line 10 to page 9, line 11) as described in the specification. Any structural detail that is 
essential for a proper understanding of the disclosed invention should be shown in the 
drawing. MPEP § 608.02(d). Corrected drawing sheets in compliance with 37 CFR 
1.121(d) are required in reply to the Office action to avoid abandonment of the 
application. Any amended replacement drawing sheet should include all of the figures 
appearing on the immediate prior version of the sheet, even if only one figure is being 
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amended. The figure or figure number of an amended drawing should not be labeled as 
"amended." If a drawing figure is to be canceled, the appropriate figure must be 
removed from the replacement sheet, and where necessary, the remaining figures must 
be renumbered and appropriate changes made to the brief description of the several 
views of the drawings for consistency. Additional replacement sheets may be necessary 
to show the renumbering of the remaining figures. Each drawing sheet submitted after 
the filing date of an application must be labeled in the top margin as either 
"Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are 
not accepted by the examiner, the applicant will be notified and informed of any required 
corrective action in the next Office action. The objection to the drawings will not be held 
in abeyance. 

7. The drawings are objected to under 37 CFR 1 .83(a). The drawings must show 
every feature of the invention specified in the claims. Therefore, the "third field" from 
claim 11, 13, and 14 must be shown or the feature(s) canceled from the claim(s). No 
new matter should be entered. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in 
reply to the Office action to avoid abandonment of the application. Any amended 
replacement drawing sheet should include all of the figures appearing on the immediate 
prior version of the sheet, even if only one figure is being amended. The figure or figure 
number of an amended drawing should not be labeled as "amended." If a drawing figure 
is to be canceled, the appropriate figure must be removed from the replacement sheet, 
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and where necessary, the remaining figures must be renumbered and appropriate 
changes made to the brief description of the several views of the drawings for 
consistency. Additional replacement sheets may be necessary to show the renumbering 
of the remaining figures. Each drawing sheet submitted after the filing date of an 
application must be labeled in the top margin as either "Replacement Sheet" or "New 
Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, 
the applicant will be notified and informed of any required corrective action in the next 
Office action. The objection to the drawings will not be held in abeyance. 



Specification 

The following guidelines illustrate the preferred layout for the specification of a 
utility application. These guidelines are suggested for the applicant's use. 

Arrangement of the Specification 



As provided in 37 CFR 1 .77(b), the specification of a utility application should 
include the following sections in order. Each of the lettered items should appear in 
upper case, without underlining or bold type, as a section heading. If no text follows the 
section heading, the phrase "Not Applicable" should follow the section heading: 

(a) TITLE OF THE INVENTION. 

(b) CROSS-REFERENCE TO RELATED APPLICATIONS. 

(c) STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR 

DEVELOPMENT. 

(d) THE NAMES OF THE PARTIES TO A JOINT RESEARCH AGREEMENT. 

(e) INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A 

COMPACT DISC. 

(f) BACKGROUND OF THE INVENTION. 

(1) Field of the Invention. 

(2) Description of Related Art including information disclosed under 37 
CFR 1.97 and 1.98. 

(g) BRIEF SUMMARY OF THE INVENTION. 

(h) BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S). 

(i) DETAILED DESCRIPTION OF THE INVENTION. 



Application/Control Number: 10/560,685 
Art Unit: 4148 



Page 6 



(j) CLAIM OR CLAIMS (commencing on a separate sheet). 

(k) ABSTRACT OF THE DISCLOSURE (commencing on a separate sheet). 

(I) SEQUENCE LISTING (See MPEP § 2424 and 37 CFR 1.821-1.825. A 
"Sequence Listing" is required on paper if the application discloses a 
nucleotide or amino acid sequence as defined in 37 CFR 1.821(a) and if 
the required "Sequence Listing" is not submitted as an electronic 
document on compact disc). 



Claim Rejections - 35 USC §112 

8. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

9. Claim 14 recites the limitation "the third field" in line 2. There is insufficient 
antecedent basis for this limitation in the claim. 

The "third field" was introduced in claim 11; therefore, for the purposes of 
examination, the examiner interpreted the claim as: "A method according to 
claim 6 11, comprising retaining the contents of the third field." 



Claim Rejections - 35 USC § 102 

10. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

11. Claims 1, 2, 4, 6, 9, 10, 15, and 16 are rejected under 35 U.S.C. 102(b) as being 
clearly anticipated by Anderson (US Patent No. 5,751,812). 

Regarding claim 1: 
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Anderson discloses "A method of authenticating a password that is 
presentable in a series of instances and has a first set of fields (201 , 203) and 
has a second field (113, 114, 202, 311, 313, 314), wherein the first set of fields 
comprises at least one of (a) a static field (105, 201 or 302) that does not change 
upon each instance of the password and (b) a dynamic field (101, 102, 203, 305 
or 306) that changes with each instance of the password based upon extrinsic 
data, and wherein the second field is arranged to contain historic data that is a 
function of a preceding instance of authentication, the method comprising: 

receiving a current presented instance of the password (1 10 or 310); and 
performing a comparison operation (605) in which the second field (113, 
114, 311, 313 or 314) of the current presented instance of the password is 
compared using data retained since a prior instance of authentication of the 
password," as 

[(Anderson column 3, lines 43 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field. 

(Anderson column 5, line 35 - column 6 line 49 and Figs 3, 4) shows 
a re-initialization process that sends two passwords, both containing the 
same pass phrase. The first password contains a seed that was used in 
the previous login attempt and the second password contains the new 
value to be stored in the server. The server then compares the first 
password to the one stored from a previous login.] 
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Regarding claim 2: 

Anderson discloses "A method according to claim 1, wherein the historic 
data is a function of a preceding password," as 

[(Anderson column 3, lines 43 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field.] 

Regarding claim 4: 

Anderson discloses "A method according to claim 1, wherein the first set 
of fields comprises a static field (201) and a dynamic field (203)," as 

[(Anderson column 3, lines 43 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field.] 

Regarding claim 6: 

Anderson discloses "A method according to claim 1, further comprising, 
upon successful comparison, retaining data for purposes of comparison of a next 
instance of the password," as 

[(Anderson column 5, line 65 - column 6 line 49) shows the system 
authenticating the old password and storing the new one on a successful 
comparison.] 



Regarding claim 9: 
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Anderson discloses "A method according to claim 6, wherein the data 
retained comprises at least a part of the current presented instance of the 
password," as 

[(Anderson column 5, line 65 - column 6 line 49) shows the system 
authenticating the old password and storing the new one on a successful 
comparison.] 

Regarding claim 10: 

Anderson discloses "A method according to claim 1, wherein the step of 
comparing comprises: 

generating (604) at least the second field of a generated instance of the 
password; and 

comparing (605) the second field of the current presented instance of the 
password with the second field of the generated instance of the password," as 

[(Anderson column 3, lines 43 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field. 

(Anderson column 5, line 35 - 58) shows a password being 
compared to a previous password. Because both passwords will have the 
same "pass phrase," only the "seed" will distinguish between them.] 



Regarding claim 15: 
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Anderson discloses "Apparatus for receiving and authenticating a 
password that is presentable in a series of instances and has a first set of fields 
(201 , 203) and has a second field (202), wherein the first set of fields comprises 
at least one of (a) a static field (201) that does not change upon each instance of 
the password and (b) a dynamic field (203) that changes with each instance of 
the password based upon extrinsic data, and wherein the second field (202) is 
arranged to contain historic data that is a function of a preceding instance of 
authentication, the apparatus comprising: 

input means (500) for inputting a current presented instance of the 
password; and 

comparison means (501) for performing a comparison operation in which 
the second field of the current presented instance of the password is compared 
using data retained since a prior instance of authentication of the password," as 

[(Anderson column 3, lines 43 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field. 

(Anderson column 5, line 35 - column 6 line 49 and Figs 3, 4) shows 
a re-initialization process that sends two passwords, both containing the 
same pass phrase. The first password contains a seed that was used in 
the previous login attempt and the second password contains the new 
value to be stored in the server. The server then compares the first 
password to the one stored from a previous login.] 
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Regarding claim 16: 

Anderson discloses "Apparatus according to claim 15, wherein the historic 
data is a function of a preceding password," as 

[(Anderson column 3, lines 43 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field.] 



Claim Rejections - 35 USC § 103 

12. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

13. Claims 3, 5, 7, 8, 11-14, and 17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Anderson in view of Yu (WO 00/62456 A2). 

Regarding claim 3: 

Anderson and Yu disclose "A method according to claim 1, wherein the 
historic data is a function of an event record of a preceding instance of 
authentication," as 

[(Anderson column 3, lines 44 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field. 

(Yu page 3, line 22 - page 5, line 3 and Table 1) shows a dynamic 
password containing more than one field of data. 
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Combining these two ideas, we can see that the dynamic field of the 
password can contain many different types of variables. These different 
types of variables can represent an event record.] 

Anderson and Yu are analogous art because they are from the same field 
of endeavor of dynamic password generation and encryption. 

It would have been obvious to one of ordinary skill in the art at the time of 
the invention to increase password security and complexity by altering the 
dynamic portion of data to carry many different data fields, as described in Yu. 

Regarding claim 5: 

Anderson further discloses "A method according to claim 4, wherein, for 
the dynamic field, the step of performing a comparison operation comprises" but 
fails to explicitly disclose "receiving extrinsic data in the form of date and/or time 
and/or place data and/or internet protocol address of a client machine." 

However, Yu discloses "receiving extrinsic data in the form of date and/or 
time and/or place data and/or internet protocol address of a client machine," as 

[(Yu page 3, lines 22 - 30) shows several fields selected for the 
purpose of creating a dynamic password. Time, place, and IP address are 
included among these.] 

Anderson and Yu are analogous art because they are from the same field 
of endeavor of dynamic password generation and encryption. 
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It would have been obvious to one of ordinary skill in the art at the time of 
the invention to increase password security and complexity by adding extrinsic 
data to the dynamic field of the password, as described in Yu. 

Regarding claim 7: 

Anderson and Yu further disclose "A method according to claim 6, wherein 
the data retained (602) comprises one of the date and the time of receipt of the 
instance of the current presented instance of the password," as 

[(Anderson column 5, line 65 - column 6, line 49) shows the system 
authenticating the old password and storing the new one on a successful 
comparison. 

(Yu page 3, lines 22 - 30) shows that a dynamic password can 
include date and time fields.] 

Anderson and Yu are analogous art because they are from the same field 
of endeavor of dynamic password generation and encryption. 

It would have been obvious to one of ordinary skill in the art at the time of 
the invention to increase password security and complexity by adding time and 
date fields to the dynamic field of the password, as described in Yu. 



Regarding claim 8: 
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Anderson and Yu further disclose "A method according to claim 6, wherein 
the data retained (602) is derived from the place of receipt of the instance of the 
current presented instance of the password," as 

[(Anderson column 5, line 65 - column 6, line 49) shows the system 
authenticating the old password and storing the new one on a successful 
comparison. 

(Yu page 3, lines 22 - 30) shows that a dynamic password can 
include place and location values.] 

Anderson and Yu are analogous art because they are from the same field 
of endeavor of dynamic password generation and encryption. 

It would have been obvious to one of ordinary skill in the art at the time of 
the invention to increase password security and complexity by adding place 
and/or location values to the dynamic field of the password, as described in Yu. 

Regarding claim 11: 

Anderson and Yu further disclose "A method according to claim 1, in 
which the password further has a third field containing pseudo-random data," as 

[(Anderson column 3, lines 44 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field. 

(Yu page 3, line 22 - page 5, line 3, Table 1 and Fig 1) shows a 
dynamic password containing more than one field of data. 
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(Yu page 5, line 18 - page 6, line 4) shows that a dynamic password 
can contain a field with semi-random data.] 

Anderson and Yu are analogous art because they are from the same field 
of endeavor of dynamic password generation and encryption. 

It would have been obvious to one of ordinary skill in the art at the time of 
the invention to increase password security and complexity by adding semi- 
random data to the dynamic field of the password, as described in Yu. 

Regarding claim 12: 

Anderson further discloses "A method according to claim 11, in which the 
pseudo-random data is input by the user," as 

[(Anderson column 7, lines 34 - 39) shows that the seed can be 
generated by the server, the client, or the user.] 

Regarding claim 13: 

Anderson discloses "A method according to claim 11, in which the data 
retained is the contents of the third field," as 

[(Anderson column 3, lines 44 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field. 

(Yu page 3, line 22 - page 5, line 3, Table 1 and Fig 1) shows a 
dynamic password containing more than one field of data. It would be 
obvious to store any or all fields from the "seed."] 
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Regarding claim 14: 

Anderson discloses "A method according to claim 6, comprising retaining 
the contents of the third field," as 

[(Anderson column 3, lines 44 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field. 

(Yu page 3, line 22 - page 5, line 3, Table 1 and Fig 1) shows a 
dynamic password containing more than one field of data. It would be 
obvious to store any or all fields from the "seed."] 

Anderson and Yu are analogous art because they are from the same field 
of endeavor of dynamic password generation and encryption. 

It would have been obvious to one of ordinary skill in the art at the time of 
the invention to increase password security and complexity by altering the 
dynamic portion of data to carry many different data fields, as described in Yu, 
then storing any or all of these fields for future comparison. 

Regarding claim 17: 

Anderson discloses "when presented with a current presented instance of 
a password that is presentable in a series of instances and has a first set of fields 
(201 , 203) and has a second field (202), wherein the first set of fields comprises 
at least one of (a) a static field (201) that does not change upon each instance of 
the password and (b) a dynamic field (203) that changes with each instance of 
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the password based upon extrinsic data, and wherein the second field (202) is 
arranged to contain data that is a function of a preceding instance of 
authentication, cause the computer to: 

perform a comparison operation (605) in which the second field of the 
current presented instance of the password is compared using data retained 
since a prior instance of authentication of the password," as 

[(Anderson column 3, lines 43 - 47 and Fig 4) shows a password that 
contains a static "pass phrase" field and a dynamic "seed" field. 

(Anderson column 5, line 35 - column 6 line 49 and Figs 3, 4) shows 
a re-initialization process that sends two passwords, both containing the 
same pass phrase. The first password contains a seed that was used in 
the previous login attempt and the second password contains the new 
value to be stored in the server. The server then compares the first 
password to the one stored from a previous login.] 

But fails to explicitly disclose "A data carrier having stored thereon 
instructions and data which, when loaded into the memory (521) of a suitable 
computer (501)." 

However, Yu discloses "A data carrier having stored thereon instructions 
and data which, when loaded into the memory (521) of a suitable computer 
(501)," as 
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[(Yu page 9, lines 14-16) shows a magnetic card that has the static 
"basic ID" and the dynamic "variables" and the equations necessary to 
calculate the current password.] 

Anderson and Yu are analogous art because they are from the same field 
of endeavor of dynamic password generation and encryption. 

It would have been obvious to one of ordinary skill in the art at the time of 
the invention to increase password security by requiring the use of an external 
data carrying device as described in Yu. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CHRISTOPHER B. ARCHER whose telephone number 
is (571)270-7308. The examiner can normally be reached on M-F 7:30-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Thomas Pham can be reached on (571)272-3689. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/C. B. A./ 

Examiner, Art Unit 4148 



/THOMAS PHAIW 

Supervisory Patent Examiner, Art Unit 4148 



